CVE-2024-45779
March 7, 2025, 10:14 p.m.
4.1
Medium
Description
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Gnu |
|
|
Weaknesses
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-190
Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
*CPE(s)
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | gnu | grub2 | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data
- Attack Vector: LOCAL
- Attack Complexity: HIGH
- Privileges Required: HIGH
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: HIGH
- Availability Impact: NONE
View Vector String
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Date
- Published: March 3, 2025, 3:15 p.m.
- Last Modified: March 7, 2025, 10:14 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
secalert@redhat.com
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.